CVE-2020-13351
Insufficient permission checks in scheduled pipeline API in GitLab CE/EE 13.0+ allows an attacker to read variable names and values for scheduled pipelines on projects visible to the attacker. Affected versions are =13.0, =13.4.0, =13.5.0, 13.5.2...
CVE-2020-13358
A vulnerability in the internal Kubernetes agent api in GitLab CE/EE version 13.3 and above allows unauthorized access to private projects. Affected versions are: =13.4, =13.3, =13.5, 13.5.2...
CVE-2020-13352
Private group info is leaked in GitLab CE/EE version 10.2 and above when a project is moved from a private group to a public group. Affected versions are: =10.2, =13.4, =13.5, 13.5.2...
CVE-2020-13264
Kubernetes cluster token disclosure in GitLab CE/EE 10.3 and later through 13.0.1 allows other group maintainers to view Kubernetes cluster token...
CVE-2020-13261
Amazon EKS credentials disclosure in GitLab CE/EE 12.6 and later through 13.0.1 allows other administrators to view Amazon EKS credentials via HTML source code...
CVE-2020-13262 (Code injection)
Client-side code injection through Mermaid markup in GitLab CE/EE 12.9 and later through 13.0.1 allows a specially crafted Mermaid payload to issue PUT requests on behalf of other users when they click on a link...
CVE-2020-13264
Removed by vendor...
CVE-2020-13261
CVE-2020-13261 affects GitLab CE/EE 12.6 through 13.0.1, where Amazon EKS credentials can be disclosed to other administrators via HTML source code. Connected sources confirm the vulnerability and affected ranges, but do not provide concrete exploit steps or a published remediation version. The i...
CVE-2020-13261
Removed by vendor...
CVE-2020-13273
Removed by vendor...
CVE-2020-13276
Removed by vendor...
CVE-2020-13277 (Authorization)
An authorization issue in the mirroring logic allowed read access to private repositories in GitLab CE/EE 10.6 and later through 13.0.5...
CVE-2020-13277
The CVE-2020-13277 issue is a real authorization flaw in GitLab’s repository mirroring logic that allowed read access to private repositories in CE/EE. Affected versions span GitLab CE/EE 10.6 through 13.0.5. Remediation per connected details: upgrade to GitLab fixes for the applicable lines (e.g...
CVE-2020-13268 (Design/Logic Flaw)
A specially crafted request could be used to confirm the existence of files hosted on object storage services, without disclosing their contents. This vulnerability affects GitLab CE/EE 12.10 and later through 13.0.1...